Skip to content

elastic/die-python

BranchesTags

Repository files navigation

DetectItEasy-Python

Python 3.11+ Downloads Code style: black Licence Apache2 Build

Native Python 3.11+ bindings for @horsicq's Detect-It-Easy

Install

From PIP

The easiest and recommended installation is through pip.

pip install die-python

Using Git

git clone https://github.com/elastic/die-python
cd die-python

Install Qt into the build. It can be easily installed using aqt as follow (here with Qt version 6.7.3):

python -m pip install aqtinstall --user -U
python -m aqt install-qt -O ./build linux desktop 6.7.3 linux_gcc_64               # linux x64 only
python -m aqt install-qt -O ./build linux_arm64 desktop 6.7.3 linux_gcc_arm64      # linux arm64 only
python -m aqt install-qt -O ./build windows desktop 6.7.3 win64_msvc2019_64        # windows x64 only
python -m aqt install-qt -O ./build windows desktop 6.7.3 win64_msvc2019_arm64     # windows arm64 only (will requires `win64_msvc2019_64`)
python -m aqt install-qt -O ./build mac desktop 6.7.3 clang_64                     # mac only

Then you can install the package

python -m pip install . --user -U

Quick start

import die, pathlib

print(die.scan_file("c:/windows/system32/ntdll.dll", die.ScanFlags.DEEP_SCAN))
'PE64'

print(die.scan_file("../upx.exe", die.ScanFlags.RESULT_AS_JSON, str(die.database_path) ))
{
    "detects": [
        {
            "filetype": "PE64",
            "parentfilepart": "Header",
            "values": [
                {
                    "info": "Console64,console",
                    "name": "GNU linker ld (GNU Binutils)",
                    "string": "Linker: GNU linker ld (GNU Binutils)(2.28)[Console64,console]",
                    "type": "Linker",
                    "version": "2.28"
                },
                {
                    "info": "",
                    "name": "MinGW",
                    "string": "Compiler: MinGW",
                    "type": "Compiler",
                    "version": ""
                },
                {
                    "info": "NRV,brute",
                    "name": "UPX",
                    "string": "Packer: UPX(4.24)[NRV,brute]",
                    "type": "Packer",
                    "version": "4.24"
                }
            ]
        }
    ]
}

for db in die.databases():
    print(db)
\path\to\your\pyenv\site-packages\die\db\ACE
\path\to\your\pyenv\site-packages\die\db\Amiga\DeliTracker.1.sg
\path\to\your\pyenv\site-packages\die\db\Amiga\_Amiga.0.sg
\path\to\your\pyenv\site-packages\die\db\Amiga\_init
\path\to\your\pyenv\site-packages\die\db\APK\AlibabaProtection.2.sg
[...]

Licenses

Released under Apache 2.0 License and integrates the following repositories:

About

Native Python3 bindings for @horsicq's Detect-It-Easy

Topics

python malware python3 malware-analysis malware-research detect-it-easy

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

80 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases 4

v0.5.0 Latest
Feb 20, 2026
+ 3 releases

Contributors

Languages